View Enterprise Data Loss Prevention (DLP) Log Details

View the log details for traffic that matches your data filtering profiles Enterprise Data Loss Prevention (DLP).
When the managed firewall detects sensitive content during a file upload, and you have created an Alert or Block action, a Data Filtering log is generated. You can filter and view the detailed log data for detected traffic such as the policy rule information, the source and destination of the traffic, and the data profile that the data pattern is associated with. Additionally, the detailed log view displays the specific data pattern that the traffic matched and displays the total number of unique and total occurrences of data pattern matches. Viewing the detailed logs is only available on Panorama.
When the managed firewall detects sensitive content during a file upload, and you have created an Alert or Block action, it generates a log. You can then view the sensitive content, called a
snippet
, from the Data Filtering logs. A snippet is evidence or identifiable information associated with a pattern match. For example, if you specified a data pattern of Credit Card Number, the managed firewall returns the user’s social security number as the snippet that was matched. By default, the managed firewall returns snippets.
The managed firewall uses
data masking
to mask the data in the snippets. By default, the data filtering log displays the last four digits of the value in clear text (partial masking). For example, data filtering log displays a snippet of a credit card number as
XXXX-XXXX-XXXX-1234
. You can also specify the data to be completely displayed in clear text, or fully mask the data to hide all the values.
To view the DLP-specific logs, including file snippets, complete the following steps.
  1. Select
    Monitor
    Logs
    Data Filtering
    and
    Filter
    the data filtering logs by entering
    ( subtype eq dlp )
    .
  2. View more details about the file, including file snippets.
    1. Click the magnifying glass ( magnifying-glass.png ) to the left of the specific log entry for which you want to view more details.
    2. Select
      DLP
      to view the pattern details.
    3. Select
      Show Snippet
      to view a snippet of the data that matched the specific data pattern.
      dlp-plugin-detailed-log-view.png
    4. Review the masked snippet to understand what data was detected.
      dlp-plugin-snippet.png

Recommended For You